Crypto Money Miner Penetrates 500+ Top Australian Websites

More than 500 Australian Web sites, including many government agencies, defence sites, schools, parliamentary sites and universities, were hacked at the weekend, a British security researcher has reported.

Affected sites include defence.gov.au, nsw.gov.au, humanservices.gov.au, schools.nsw.edu.au, premier.vic.au, passports.gov.au – and pm.gov.au.

These are, of course, publicly available Web sites. It’s unclear at this stage if, once in, the hackers were able to retrieve more valuable information or damage the sites.

The sites, along with about 3500 other sites across the globe, many associated with government, were primarily hijacked to run the Coinhive crypto-currency mining software, according to British security researcher Scott Helme, who uncovered the attacks at the weekend.

Crypto-currency mining uses vast amounts of computer power to create the unofficial coinage – in this case not bitcoin but an open-source currency dubbed Monero, which runs in Windows, Mac OS, Linux, Android and FreeBSD. Those hijacked are likely to find that their data consumption has gone to stratospheric levels.

But if all these Web sites – many of them important government agencies – have had their underpinnings so easily penetrated, it raises alarm bells about what the Monero miner or other hackers might be able to do.

Helme at the weekend claimed to have discovered 4275 government Web sites across the globe that had been hijacked by Coinhive. The list spans the US and UK as well as Australia.

Among the Australian sites affected were the Queensland Government’s main legislation site – legislation.qld.gov.au – along with Canberra’s defence.gov.au and sites belonging to the Victorian Parliament and South Australia’s City of Unley.

Some others were: bom.gov.au (the Bureau of Meteorology), nsw.gov.au, sbs.gov.au, my.gov.au, the goodguys.com.au, humanservices.gov.au, Newcastle.ed.au, transportnsw.gov.au, aldi.com.au, transport.qld.gov.au, asic.gov.au, schools.nsw.edu.au, abs.gov.au, actu.gov.au, nrma.com.au, Australia.com, health.wa.gov.au, passports.gov.au, dodo.com.au, defence.gov.au, sa.gov.au, nt.gov.au, accc.gov.au, abc.newsonline.com.au, dss.gov.au (Dept of Social Services), army.gov.au, austrac.gov.au, nationalcrimecheck.com.au, data.gov.au, myhealthrecord.gov.au and premier.vic.gov.au.

Helme said he found the compromised JavaScript file on Sunday morning, UK time, after a friend’s anti-virus program set off an alert on the site of the UK Information Commissioner’s Office.

He traced the malicious script back to its source: a Web site plug-in called Browsealoud, which helps people with low vision, dyslexia and low literacy access the Internet. It had apparently been hacked via Coinhive.

Helme reckons government Web sites should be held to a higher security standard if they use third-party services such as Browsealoud.

He adds: “This is a pretty bad situation to be in and any site that loads that file will now have the crypto-miner installed. The sheer number of sites affected by this is huge and some of them are really prominent government Web sites.”

Texthelp has shut down the operation by disabling Browsealoud while its engineering team investigates.


